insecure-random.md

Pattern: Use of insecure random source

Issue: -

Description

Do not use insecure sources for random bytes. Use a secure random number generator instead. Bans all uses of Math.random and crypto.pseudoRandomBytes. Better alternatives are crypto.randomBytes and window.crypto.getRandomValues.

Further Reading

• TSLint - insecure-random
• CWE 330
• MDN Math.random
• Node.js crypto.randomBytes()